guidelines
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to automatically execute Git shell commands (git pull, git add, git commit, git push) when specific keywords like 'pull', 'push', or '푸시' are detected. This automated execution path lacks manual approval steps and can be triggered by text generated from untrusted inputs.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads external, potentially untrusted content from define/고객분석.md to generate the project guidelines.
  - Boundary markers: There are no delimiters or 'ignore instructions' warnings used when processing the input data.
  - Capability inventory: The resulting CLAUDE.md configuration grants the agent the ability to perform file writes and repository-wide Git operations.
  - Sanitization: There is no evidence of validation or filtering for the external content before it is processed.
- [PROMPT_INJECTION] (MEDIUM): The 'Optimal Solution Guide' section mandates a 10-cycle iterative process for every request starting with 'o:'. This hardcoded recursive logic could be exploited to cause resource exhaustion (Denial of Service) or to facilitate gradual bias poisoning through repetitive state updates.
Recommendations
- AI detected serious security threats
Audit Metadata